Managing Resource Records and Hosts

This chapter explains how to configure some of the more advanced DNS zone and server parameters using the Cisco CNS Network Registrar CLI and GUI. Before you proceed with the concepts in this chapter, read Chapter 8, "Managing Zones," which explains how to set up the basic properties of a primary and secondary DNS server and its zones.

Managing Resource Records

Resource records comprise the data within a DNS zone. Although there is no fixed limit to the number of resource records a zone may own, in general, a zone may own one or more resource records of a given type (it always has an SOA record). There are some exceptions depending on the types involved. All resource records have the entries described in Table 9-1.

Table 9-1 Resource Record Common Entries

| Resource Record Entry | Description |
|---|---|
| Name | Owner of the record, such as a zone or host name. |
| Class (not required for all formats) | Network Registrar supports only the IN (Internet) class. |
| TTL (time to live) | Amount of time to store the record in a cache, in seconds. If you do not include a TTL, Network Registrar uses the zone default TTL, defined as a zone attribute. |
| Type | Type of the record, such as A, NS, SOA, and MX. There are many types that various RFCs define, although ten or fewer are in common use. |
| Record data | Data types whose format and meaning vary with record type. |

This section describes how to add, remove, edit, and filter resource records.

Adding Resource Records

There are two types of DNS resource records: static and active (or server). Static resource records are what administrators typically add and manage. Active (or server) records are an aggregate of these static configuration records with the dynamic records added by the DHCP server or other clients. Adding records through the server resource record page in the Web UI creates dynamic records, which are then subject to alteration by dynamic DNS update clients. You usually add dynamic records only to repair or replace records maintained by these clients, such as the DHCP server.

Tip: Records are listed in the formats specified by their respective RFCs, with only the first record in a set labeled with its name, and in DNSSEC order. To reduce or increase the items in the table, change the Page Size value at the bottom of the page, then click Change Page Size.

Step 4 Add the resource record name, TTL (if not using the default TTL), type, and data as is appropriate.

Step 5 Click Add Resource Record.

In the CLI, use the zone name addRR command to add a resource record of a certain type. You can specify the name as a relative name, if the owner is in the same domain, an absolute name (by supplying the FQDN), or the same name as the zone name (by using the "@" symbol).

Editing Resource Records

Editing resource records has a number of different functions, as described in Table 9-2.

Table 9-2 Editing Resource Records

| Editing Function | Page | Editing Mechanism |
|---|---|---|
| Edit a single static resource record | List/Add Static Resource Records for Zone | Click the Edit icon next to the record name to open the Edit Resource Record in Zone page. You can modify the record on this page. |
| | | Click the resource record name link to open the Edit Resource Record Set in Zone page. You can modify existing and add more records to the set. |
| Edit a single static resource record in a record set | Edit Resource Record Set in Zone | Click the Edit icon next to the record name to open the Edit Resource Record in Zone page. You can modify the record on this page. |
| Edit a dynamic resource record set | List/Add DNS Server Resource Records for Zone | Click the resource record name link to open the Edit Resource Record Set in Zone page. You can only add more records to the set. |

Removing Resource Records

You can remove resource records from a zone. In the Web UI, on the List/Add Static Resource Records for Zone or List/Add DNS Server Resource Records for Zone page, to remove an entire record name set, click the Delete icon next to the record set name in the list, then confirm the deletion. To remove individual records from the set, click the name of the record set to open the Edit Resource Record Set page, click the Delete icon next to the individual record in the list, then confirm the deletion.

In the local cluster CLI, use the zone name removeRR command to remove static resource records. You must specify the owner. If you omit the data, Network Registrar removes all records of the specified type for the specified owner. Similarly, if you omit the type, Network Registrar removes all records for the specified owner. Confirm the removal using the zone name listRR command.

Adding Dynamic Records

The DNS server must be running to add dynamic records. Changes take effect immediately; you do not need to reload the server after adding the record. However, the zone must be active on the server, which requires a reload after creating the zone.

In the CLI, use the zone name addDynRR command to add dynamic resource records. You must specify resource records at least by owner, type, and data; the TTL is optional. The only types of dynamic records that you can add are A, TXT, PTR, CNAME, or SRV records. For these records, their state is indicated as dynamic. To determine whether dynamic DNS is working and what dynamic entries are in the system, see the "Filtering Records" section.

Removing Dynamic Records

The DNS server must be running to remove dynamic records. Changes take effect immediately; you do not need to reload the server. However, the zone must be active on the server, which requires a reload after you create the zone.

In the local cluster Web UI, on the List/Add DNS Server Resource Records for Zone page:

• To remove an entire record name set, click the Delete icon next to the record set name in the list, then confirm the deletion.

• To remove individual records from the set, click the name of the record set to open the Edit Resource Record Set page, click the Delete icon next to the individual record in the list, then confirm the deletion.

In the CLI, use the zone name removeDynRR command to remove dynamic resource records. You can specify resource records just by owner; owner and type; or owner, type, and data. Specifying a type without data removes the entire resource record set; including the data removes the specific dynamic resource record only. To determine whether dynamic DNS is working and what dynamic entries are in the system, see the "Filtering Records" section.

Removing Cached Records

Removing cached records removes nonauthoritative resource records from both in-memory and persistent (nonauthoritative) cache. The DNS server must be running to remove cached records. Changes take effect immediately; you do not need to reload the server.

This function is not available in the Web UI. In the CLI, use the zone name removeCacheRR command to remove cached resource records in the memory and persistent caches. With the type omitted, this removes the entire name set; if included without data, this removes the resource record set; with both type and data included, this purges the specific record.

Listing Records

You can display all the resource records, or the static or dynamic ones. The server must be operating to display the dynamic records.

In the local cluster Web UI, on the List/Add Static Resource Records for Zone or List/Add DNS Server Resource Records for Zone page, view the records on the page, then click Return to Zone List.

In the CLI, use the zone name listRR command to display resource records in the named zone.

Adding and Deleting Static Records in Sets

Each resource record belongs to a set identified by the name of the resource record. (Note that this name appears only once, next to the first record in the set.) For example, a record set can have multiple A or PTR records. You can add and delete records in this set.

Editing resource record sets is only available in the Web UI. On the List/Add Static Resource Records for Zone page, click the name of the record set to which you want to add additional records. This opens the Edit Resource Record Set in Zone page (see Figure 9-3). (If the resource record name and other fields are not visible at the top of the page, expand the page by clicking the + sign next to the Name field.)

Note: If you click the Edit icon, this edits the specific record only, and not its entire set.

Figure 9-3 Edit Resource Record Set in Zone Page

Reload the DNS server from the Manage DNS Server page.

Filtering Records

You may want to filter records to display only one type of record, such as an A or PTR record.

In the local cluster Web UI, filter records by entering part of the record name in the search field at the bottom of the List/Add Resource Records page and clicking the Search icon. To reduce the number of records displayed, change the page size value, then click Change Page Size.

In the CLI, you can use the zone name listRR option command to filter records. This helps determine whether dynamic DNS is working and what dynamic entries are in the system. The options are:

• all—Displays all records (the default)

• static—Displays only static records

• dynamic—Displays only dynamic records

Deleting Leftover Zone Records After Recreating Zones

You can delete leftover static zone records after you delete a zone and then recreate it. Dynamic resource records are automatically deleted when you recreate the zone.

This function is currently not available in the Web UI. In the CLI, use the zone name cleanRR command if you periodically delete and re-import zones, which can cause your database to grow. This command uses the DNS server's historical zone data to determine what part to remove. It does not print a list of records to be deleted or prompt you for confirmation. You can safely run it any time.

Using Service Location (SRV) Records

Windows 2000 domain controllers use the service location (SRV) resource record to advertise services to the network. This resource record is defined in RFC 2782, "A DNS RR for specifying the location of services (DNS SRV)." The RFC defines the format of the SRV record (DNS type code 33) as:

_service._protocol.name ttl class SRV priority weight port target

There should always be an A record associated with the SRV record's target so that the client can resolve the service back to a host. In the Microsoft Windows 2000 implementation of SRV records, the records might look like this:

myserver.example.com A 10.100.200.11

_ldap._tcp.example.com SRV 0 0 389 myserver.example.com

_kdc._tcp.example.com SRV 0 0 88 myserver.example.com

_ldap._tcp.dc._msdcs.example.com SRV 0 0 88 myserver.example.com

An underscore always precedes the service and protocol names. In the example, _kdc is the Key Distribution Center. The priority and weight help a client choose between target servers providing the same service (the weight differentiating those with equal priorities). If the priority and weight are all set to zero, the client orders the servers randomly. For more information on SRV records, see Appendix A, "Resource Records."
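The following added example (not part of the original chapter or of Network Registrar) checks the two points above on the chapter's sample records: that every SRV target owns an A record, and how a client orders targets by priority and weight under RFC 2782. The host ghost.example.com and the function names are constructed for illustration.

```python
import random
from collections import namedtuple

Srv = namedtuple("Srv", "owner priority weight port target")

# The chapter's records, plus one constructed SRV record whose target
# (ghost.example.com, made up for this example) has no A record.
ZONE_TEXT = """\
myserver.example.com A 10.100.200.11
_ldap._tcp.example.com SRV 0 0 389 myserver.example.com
_kdc._tcp.example.com SRV 0 0 88 myserver.example.com
_ldap._tcp.dc._msdcs.example.com SRV 0 0 88 myserver.example.com
_ldap._tcp.example.com SRV 10 5 389 ghost.example.com
"""

def _norm(name):
    return name.lower().rstrip(".")

def parse_zone(text):
    """Return (names that own an A record, list of Srv) from 'owner TYPE data' lines."""
    a_names, srvs = set(), []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() == "A":
            a_names.add(_norm(fields[0]))
        elif len(fields) == 6 and fields[1].upper() == "SRV":
            prio, weight, port = (int(f) for f in fields[2:5])
            srvs.append(Srv(_norm(fields[0]), prio, weight, port, _norm(fields[5])))
    return a_names, srvs

def unresolvable_targets(a_names, srvs):
    """SRV records whose target owns no A record in this data set."""
    return [s for s in srvs if s.target not in a_names]

def order_targets(srvs, owner, rng=random):
    """RFC 2782 client order: ascending priority, weighted random within a priority."""
    mine = [s for s in srvs if s.owner == _norm(owner)]
    ordered = []
    for prio in sorted({s.priority for s in mine}):
        group = [s for s in mine if s.priority == prio]
        rng.shuffle(group)                        # all-zero weights => random order
        group.sort(key=lambda s: s.weight != 0)   # weight 0 entries go first
        while group:
            pick, running = rng.randint(0, sum(s.weight for s in group)), 0
            for s in group:
                running += s.weight
                if running >= pick:
                    ordered.append(s)
                    group.remove(s)
                    break
    return ordered
```

The check only sees the records it is given; a target whose A record lives in another zone is reported as unresolvable and needs a lookup against that zone.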

Using NAPTR Records

Network Registrar supports Naming Authority Pointer (NAPTR) resource records. These records help with name resolution in a particular namespace and are processed to get to a resolution service. Because NAPTR records are a proposed standard, RFC 3403, Network Registrar only validates their numeric record fields. However, the proposed standard requires a value for each field, even if it is null (""), and there are no default values. See Appendix A, "Resource Records" for the syntax of NAPTR records.

When using a NAPTR record to locate a Session Initiation Protocol (SIP) proxy, see the proposed standard, RFC 2916 or RFC 3263. In RFC 2916, the ENUM working group of the Internet Engineering Task Force specifies NAPTR records to map E.164 addresses to Universal Resource Identifiers (URIs). Using the NAPTR record resolves a name in the E.164 international public telecommunication namespace to a URI, instead of providing the name of a service to use as a resolver. The U flag was added to the NAPTR record for this purpose.

For example, to specify a SIP proxy for the phone number +4689761234, add a NAPTR record at the name 4.3.2.1.6.7.9.8.6.4.e164.arpa. with this content:

100 10 "u" "sip+E2U" "/^.*$/sip:info@tele2.se/" .

This sets these fields of the NAPTR record:

order = 100

preference = 10

flags = "u"

service = "sip+E2U"

regexp = "/^.*$/sip:info@tele2.se/"

replacement = .

After you configure these fields, the DNS client dealing with phone number +4689761234 can now find an SIP service URI by replacing the number with "sip:info@tele2.se." The E.164 zone mostly uses the NAPTR record for wholesale replacement of the "input" telephone number. Section 3.2.3 of RFC 2916 includes an example of one transformation to a Lightweight Directory Access Protocol (LDAP) query that preserves some of the digits. The E.164 zone does not map to service location (SRV) records because it wants to obtain a SIP URL that is more humanly readable to the left of the "at" (@) symbol.
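The lookup described above, as an added example that is not part of the original chapter: it builds the e164.arpa name from the phone number, parses the NAPTR record content, and applies the regexp field to obtain the SIP URI. The function names are illustrative, and Python's re module stands in for the POSIX extended regular expressions that NAPTR specifies, which is an assumption that holds for simple patterns such as the one in this chapter.

```python
import re
import shlex
from collections import namedtuple

Naptr = namedtuple("Naptr", "order preference flags service regexp replacement")

def e164_to_enum_domain(number):
    """+4689761234 -> 4.3.2.1.6.7.9.8.6.4.e164.arpa. (digits reversed, dot-separated)."""
    digits = [c for c in number if c.isdigit()]
    if not digits:
        raise ValueError("no digits in E.164 number")
    return ".".join(reversed(digits)) + ".e164.arpa."

def parse_naptr(rdata):
    """Parse NAPTR record data; every field must be present, even if empty ("")."""
    fields = shlex.split(rdata)
    if len(fields) != 6:
        raise ValueError("NAPTR needs 6 fields, got %d" % len(fields))
    order, preference = int(fields[0]), int(fields[1])
    for value in (order, preference):
        if not 0 <= value <= 65535:          # both are 16-bit unsigned
            raise ValueError("order/preference out of range")
    return Naptr(order, preference, *fields[2:])

def apply_naptr(record, number):
    """Return the URI a terminal "u" rule yields for the number, else None."""
    if record.flags.lower() != "u" or not record.regexp:
        return None
    delim = record.regexp[0]                 # first character is the delimiter
    parts = record.regexp.split(delim)       # escaped delimiters are not handled
    if len(parts) != 4:
        raise ValueError("regexp must be <delim>pattern<delim>replacement<delim>flags")
    _, pattern, template, flags = parts
    match = re.search(pattern, number, re.IGNORECASE if "i" in flags else 0)
    return match.expand(template) if match else None

def resolve(number, rdatas):
    """Try rules in (order, preference) order; the first one that applies wins."""
    for record in sorted(map(parse_naptr, rdatas), key=lambda r: r[:2]):
        uri = apply_naptr(record, number)
        if uri:
            return uri
    return None

# Record content from the chapter's example.
PAGE_RDATA = '100 10 "u" "sip+E2U" "/^.*$/sip:info@tele2.se/" .'

if __name__ == "__main__":
    print(e164_to_enum_domain("+4689761234"))
    print(resolve("+4689761234", [PAGE_RDATA]))
```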

Step 5 Enter the data as a string embedded in quotes and separated by spaces:

a. Order

b. Preference

c. Flags

d. Service

e. Regular expression

f. Replacement string

For example:

"100 10 u sip+E2U /^.*$/sip:info@tele2.se/ ."

Step 6 Click Add Resource Record.

Step 7 Refresh the list if necessary.

In the CLI, use the zone name addRR command, then reload the server.

Managing Hosts in Zones

Configuring hosts adds A resource records for the host at the DNS server, as indicated in the "Adding Resource Records" section. You must create an A record for each NS record.

Adding Address, Canonical Name, and Mail Exchanger Records

In the local cluster Web UI, you can add Address (A) records for hosts when you create them, then add Canonical Name (CNAME) and Mail Exchanger (MX) records when you create resource records for the zone. Here is the procedure to follow:

Step 1 On the Primary Navigation bar, click Host, then Zones on the Secondary Navigation bar. This opens the List Zones page.

Step 2 Click the name of the zone for which you want to add host records. This opens the List/Add Hosts for Zone page.

Step 3 Enter the name of the host and its IP address. If you want to create a corresponding Pointer (PTR) record, click a check mark in the Create PTR Records? box. Then click Add Host.

Step 4 Click Zone on the Primary Navigation bar, then Zones on the Secondary Navigation bar to open the List/Add Zones page.

Step 5 Click the View icon in the Configuration RRs column next to the zone name for which you want to add CNAME and MX records (although you can also create A records this way as well). This opens the List/Add Static Resource Records for Zone page:

a. For a CNAME record, add the alias host name in the Name field, click CNAME in the Type list, add the canonical name of the host in the Data field, then click Add Resource Record. Note that the DNS specification prohibits the existence of a CNAME record with the same name as another resource record.

b. For an MX record, add the origin host name in the Name field, click MX in the Type list, add the integer preference value, a space, and the domain name of the mail exchanger for the origin host, then click Add Resource Record.

c. For an additional A record, add a host name in the Name field, click A in the Type drop-down list, add an IP address for the host in the Data field, then click Add Resource Record.

Step 6 Reload the DNS server if you want these records to become active server records.

In the CLI:

• To create a zone's A records and aliases in a single operation, use the zone name addHost command.

Editing Hosts

Step 1 Click Host on the Primary Navigation bar. If you get the List Zones page, click a zone name to open the List/Add Hosts in Zone page. If there is only one zone, this immediately opens this page.

Step 2 Choose the name of the host you want to edit. This opens the Edit Host page.

Step 3 You can edit the host name or its IP address, or you can delete the host using the Delete icon.

Step 4 Click Modify Host.

In the CLI, you have to remove the host using the zone name removeHost command, and re-add it using the zone name addHost command.

Removing Hosts

Removing a host removes only the A resource records for that host.

In the local cluster Web UI, on the List/Add Hosts in Zone page (see the "Editing Hosts" section for the two possible ways to get there), click the Delete icon next to the host you want to remove, then confirm the deletion. You can also delete addresses for hosts on the Add Host and Edit Host page.

In the CLI, use the zone name removeRR hostname A command, then confirm the removal using the zone name listHosts command.